top | item 46753542

(no title)

lucrbvi | 1 month ago

You should know that there is already a solution for this, SafeTensors [0].

But it may be a nice tool for those who download "unsafe" models

[0]: https://huggingface.co/docs/safetensors/index

discuss

It seems like this project has decided that .safetensors might not be so safe after all, since it's scanning them too, according to https://drive.google.com/drive/folders/1G-Bq063zk8szx9fAQ3NN... at least.

arseniibr|1 month ago

Safetensors is the goal, but legacy models are still there. A massive portion of the ecosystem (especially older fine-tunes and specialized architectures) is still stuck on Pickle/PyTorch .bin. Until 100% of models migrate, we need tooling to audit the "unsafe" ones.